Monday, May 14, 2012

We all are quite familiar with
what is a penetration test or a pen test. Every kind of software testing
technique makes use of certain tools, so does penetration testing.

This article
is focused up on the tools that are meant for carrying out the penetration
testing. Before moving on to the discussion about the tools, let us buck up
with some concepts of penetration testing.

About Penetration Testing

- Penetration testing gives a measure
of the security of the software system or application or a computer network.

- This
is done by the simulation of the attacks as from the outside malicious
attackers.

- The attacker can also be an insider.

- The attackers are classified in
to outsiders and insiders on the basis of the approach of their access to the
software system or application.

- The attackers not having any authorized access
to the system are called as outsiders and those who have any extent of
authorized access to the system are called insiders.

- The first step in the
penetration test is the identification of the potential vulnerabilities of the
system by carrying out an active analysis.

- These vulnerabilities are a
consequence of the improper configuration of the software system or they may
occur also because of flaws in the hardware and software components of the
system.

- Some of the technical counter measures may also revoke these
vulnerabilities.

- The penetration is performed in the way that a potential
attacker might follow to attack the system.

- After the identification of
these vulnerabilities, these are brought to the notice of the owner of the
system.

- These potential vulnerabilities are then coupled with a proper
assessment of their potential impacts on the system as well as organization
using several effective penetration tests.

- Some technical counter measures are
then designed to reduce their impact on the system.

There are several reasons
that make the penetration testing way more valuable. Now coming to the
discussion regarding the penetration testing tools, since there are many ways
in which the penetration testing can be carried out, there are several types of
tools that can be employed for the penetration testing.

Approach used in Penetration testing

- Depending up on the
amount of knowledge the tester has about the software system or application,
either the black box approach or the white box approach is followed.

- If the
tester has less knowledge of the system, he/ she is likely to follow the black
box approach.

- On the other hand if he/ she has ample amount of knowledge then
the white box approach is used.

- It is required that the location and the extent of
the system to be tested is determined properly before starting the testing. - For
the white box approach the tester needs to know about the critical aspects like
the IP address of the system and source code.

- If the amount of knowledge is
intermediate between the amounts required for the black box and white box
approaches, then the grey box testing approach is allowed.

- This involves the
intermixing of the white box and black box testing techniques.

- Both the white
box testing tools as well as black box testing tools can be employed here.

- All
these three approaches have their own merits and demerits which are often
debated.

- These tools are deployed for
the creation of the hostile environment for the testing of environment.